Enabling or disabling ingress filtering – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide

Section VI: VLANs

629

Enabling or Disabling Ingress Filtering

There are rules a switch follows when it receives and forwards an Ethernet
frame. There are rules for frames as they enter a port (called ingress rules)
and rules for when a frame is transmitted out a port (called egress rules). A
switch does not accept and forward a frame unless the frame passes the
ingress and egress rules.

There are many ingress and egress rules for Gigabit Ethernet switches.
This discussion reviews only the rules as they apply to tagged frames,
because ingress filtering does not apply to untagged frames.

First, as a reminder, a tagged frame is an Ethernet frame that contains a
tagged header. The header contains the VID of the VLAN to which the
frame originated. For further information, refer to “Tagged VLAN
Overview” on page 606.

The ingress rules are applied to tagged frames when ingress filtering is
activated. The switch examines the tagged header of each tagged frame
that enters a port and determines whether the tagged frame and the port
that received the frame are members of the same VLAN. If they belong to
the same VLAN, the port accepts the frame. If they belong to different
VLANs, the port discards the frame.

As an example, assume that a tagged frame with a VID of 4 is received on
a port that is a member of a VLAN also with a VID of 4. In this case, the
port accepts the frame, because both the frame and the port belong to the
same VLAN. If the frame and port belong to different VLANs, the frame is
discarded.

How do the egress rules apply when ingress filtering is disabled? First, any
tagged frame is accepted on any port on the switch. It does not matter
whether the frame and the port belong to the same or different VLANs.

After the tagged frame is received, the switch examines the tagged header
and determines if the VID in the header corresponds to any VLANs on the
switch. If there is no corresponding VLAN, the switch discards the frame. If
there is, the switch transmits the frame out the port to the destination node,
assuming that the destination node’s MAC address is in the MAC address
table, or floods the port to all ports on the VLAN if the MAC address is not
in the table.

In addition, each tagged frame contains a priority tag that informs the
switch about the importance of the frame. Frames with a high priority are
handled ahead of frames with a low priority.

Activating or deactivating ingress filtering has no effect on the switch’s
handling of priority tags. A switch will always examines a priority tag in a
tagged frame, without regard to the status of ingress filtering.